commit d13281f2964abc5f2e535e1613c77fc61b0c53e7
author Darren Tucker <dtucker@zip.com.au> Wed Mar 29 12:39:39 2017 +1100
committer Darren Tucker <dtucker@zip.com.au> Wed Mar 29 12:39:39 2017 +1100
tree 1b7b69f03a3af2441768ab77c8fa5f36ca2cdc65
parent f2742a481fe151e493765a3fbdef200df2ea7037

Don't check privsep user or path when unprivileged

If running with privsep (mandatory now) as a non-privileged user, we
don't chroot or change to an unprivileged user however we still checked
the existence of the user and directory.  Don't do those checks if we're
not going to use them.  Based in part on a patch from Lionel Fourquaux
via Corinna Vinschen, ok djm@

sshd.c

diff --git a/sshd.c b/sshd.c
index 010a2c3..197c4ec 100644
--- a/sshd.c
+++ b/sshd.c
@@ -223,6 +223,7 @@
 int use_privsep = -1;
 struct monitor *pmonitor = NULL;
 int privsep_is_preauth = 1;
+static int privsep_chroot = 1;
 
 /* global authentication context */
 Authctxt *the_authctxt = NULL;
@@ -541,7 +542,7 @@
 	demote_sensitive_data();
 
 	/* Demote the child */
-	if (getuid() == 0 || geteuid() == 0) {
+	if (privsep_chroot) {
 		/* Change our root directory */
 		if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
 			fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
@@ -1640,8 +1641,9 @@
 	);
 
 	/* Store privilege separation user for later use if required. */
+	privsep_chroot = use_privsep && (getuid() == 0 || geteuid() == 0);
 	if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
-		if (use_privsep || options.kerberos_authentication)
+		if (privsep_chroot || options.kerberos_authentication)
 			fatal("Privilege separation user %s does not exist",
 			    SSH_PRIVSEP_USER);
 	} else {
@@ -1767,7 +1769,7 @@
 		    key_type(key));
 	}
 
-	if (use_privsep) {
+	if (privsep_chroot) {
 		struct stat st;
 
 		if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) ||